1203262aebfcf465d1a23d660111a981.ppt
- Number of slides: 9
Mobile Networks Support in IPv6 - Draft Update
draft-ernst-mobileip-v6-01.txt
- Thierry Ernst - MOTOROLA Labs
- Ludovic Bellier - INRIA (Planete project)
- Claude Castelluccia - INRIA (Planete project)
- Hong-Yon Lach - MOTOROLA Labs
49th IETF - San Diego - 1

Definition and Terminology
- Mobile Node = a node that changes its point of attachment
  - by means of Mobile IPv6
- Mobile Network = an entire network that changes its point of attachment
  - An IP subnet or a collection of IP subnets
  - Mobile Router (MR) + its attached Nodes and Routers
  - SNs = all stationary nodes located in the mobile network (SNs are not Mobile Nodes!)
  - Future needs require considering (potentially large) mobile networks
- CNs = all nodes communicating with SNs
- Aim of this work is to:
  - Provide continuous Internet connectivity to SNs
  - Offer optimal routing between CNs and SNs
- Mobile IPv6 specification:
  - Mobile IPv6 nodes may either be Mobile Hosts or Mobile Routers.
  - But no explicit mention of mobile networks.

Experimentation: Test Bed
- Francis Dupont INRIA IPv6 implementation under FreeBSD 3.3
- MR has two interfaces
  - One on the home / foreign link in the home / foreign network
  - One on the internal link in the mobile network
- Mobile Network attaches to foreign link:
  - MR obtains a care-of address on the foreign link
  - MR registers care-of address with HA
  - HA opens an IPv6-in-IPv6 tunnel to MR's care-of address
  - HA adds a host-specific route for MR's home address to MR's care-of address

Experimentation: Ping between CN and MR
- Packet is routed to BR
- BR sends NDP messages to discover MR's MAC address
- HA replies with HA's address on behalf of MR
- HA intercepts packets addressed to MR
- HA routes the packet to the IPv6-in-IPv6 tunnel
- HA tunnels the packet to MR's care-of address
=> Redirection works fine whether Mobile Node is a Host or a Router
[Figure callouts: "MR?" / "I'm MR"; "No problem, MR receives the packet"]

Experimentation: Ping between CN and SN
- Packet is routed to BR
- In BR's routing table, MR's home address is the next hop towards SN
- BR sends NDP messages to discover MR's MAC address
- HA replies with HA's address on behalf of MR
- HA intercepts but does not have an entry for SN's address
- HA sends the packet to its default route, i.e. the BR
- The packet enters a routing loop
=> Redirection to SNs impossible
[Figure callouts: "MR?" / "I'm MR"; "Routing Loop Problem, SN never receives the packet"]

Our Solution: Network Scope Binding Updates
- Assumption: all nodes in the mobile network share a common IP prefix = Mobile Network Prefix
  - If only one subnet -> internal link's prefix
  - If several subnets -> a common prefix identifying (sub-SLA) all subnets in the mobile network
- Our solution: all packets with a destination address corresponding to the Mobile Network Prefix are routed to the MR's care-of address.
- Means:
  - A Binding between the Mobile Network Prefix and the MR's care-of address.
  - A new Sub-Option to carry the Mobile Network Prefix + a 'P' flag
  - Prefix and flag are recorded in the binding cache
  - Binding Cache is searched for a Prefix for those records showing the 'P' flag.
  - BUs containing the Mobile Network Prefix are sent:
    - To the HA to allow redirection
    - To all CNs to allow optimal routing
  - BUs are sent by the MR, not by individual SNs:
    - mobility of network is transparent to SNs
    - mobility management is aggregated (a given CN only gets 1 BU whatever # SNs)

Our Solution: Security Issues
- Existing Mobile IPv6 for Mobile Nodes:
  - Authentication of BU's sender: MN authenticated thanks to IPSec
  - Authorization of MN = allowing MN to send BUs
    - no explicit authorization
    - If sender is authenticated, the Mobile IPv6 policy is to accept, record, and use whatever care-of address is received
- Mobile IPv6 extensions to support Mobile Networks:
  - Authentication of BU's sender: MR is authenticated thanks to IPSec (same as for a single MN)
  - Authorization of MR = allowing the MR to manage mobility of an entire network
    - If the Mobile IPv6 policy says that a care-of address can be registered for a prefix, then MR has the right to register a binding between the Mobile Network Prefix and its address.
    - Authorization may be provided by a certificate: exchanged during SA negotiation to guarantee that MR actually serves the mobile network with the specified Prefix.
- Our solution is a matter of Authorization, not a matter of Authentication

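The binding-cache behaviour from the last two slides, as an added Python sketch (not code from the draft or the INRIA test bed): host-only bindings leave an SN address unmatched, a 'P'-flag prefix binding resolves it, and a prefix BU is accepted only when the authenticated sender is authorized for that prefix. The addresses, the `authorized` policy table and all class and function names are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Binding:
    home: ipaddress.IPv6Network      # /128 for a host binding, shorter for a prefix
    care_of: ipaddress.IPv6Address
    p_flag: bool = False             # set when the BU carried a Mobile Network Prefix

class BindingCache:
    def __init__(self, authorized):
        # Assumed policy table: sender home address -> prefix it may register,
        # e.g. taken from a certificate checked during SA negotiation.
        self.authorized = {ipaddress.IPv6Address(k): ipaddress.IPv6Network(v)
                           for k, v in authorized.items()}
        self.entries = []

    def process_bu(self, sender_home, care_of, prefix=None, authenticated=True):
        if not authenticated:                      # authentication (IPsec) failed
            return False
        sender = ipaddress.IPv6Address(sender_home)
        if prefix is None:                         # plain Mobile IPv6 host binding
            net, p_flag = ipaddress.IPv6Network(f"{sender}/128"), False
        else:                                      # network-scope binding
            net, p_flag = ipaddress.IPv6Network(prefix), True
            allowed = self.authorized.get(sender)
            if allowed is None or not net.subnet_of(allowed):
                return False                       # authenticated but not authorized
        self.entries = [e for e in self.entries if e.home != net]
        self.entries.append(Binding(net, ipaddress.IPv6Address(care_of), p_flag))
        return True

    def lookup(self, dst):
        dst = ipaddress.IPv6Address(dst)
        for e in self.entries:                     # exact host bindings first
            if not e.p_flag and e.home.network_address == dst:
                return e.care_of
        hits = [e for e in self.entries if e.p_flag and dst in e.home]
        if hits:                                   # longest matching P-flag prefix
            return max(hits, key=lambda e: e.home.prefixlen).care_of
        return None                                # no binding: default route

# Constructed addresses from the 2001:db8::/32 documentation range.
MR_HOME, MR_COA, SN = "2001:db8:1::10", "2001:db8:f::10", "2001:db8:a::5"
PREFIX, ROGUE = "2001:db8:a::/48", "2001:db8:1::66"

def demo():
    cache = BindingCache({MR_HOME: PREFIX})
    cache.process_bu(MR_HOME, MR_COA)                       # host binding only
    before = cache.lookup(SN)                               # SN has no entry yet
    rogue_ok = cache.process_bu(ROGUE, "2001:db8:e::66", prefix=PREFIX)
    cache.process_bu(MR_HOME, MR_COA, prefix=PREFIX)        # prefix-scope BU
    return before, rogue_ok, str(cache.lookup(SN)), str(cache.lookup(MR_HOME))
```
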
Mobile IP Working Group Item?
- Does the Mobile IP WG agree that:
  - HA is unable to redirect packets sent to nodes in the mobile network? (if the final destination is not the Mobile Router itself)
  - CN is unable to directly route packets to nodes in the mobile network? (if the final destination is not the Mobile Router itself)
  => no redirection + no optimal routing = SNs are unreachable
- This should be addressed by the Mobile IP WG
=> Add « Support of Mobile Networks » as a work item of the Mobile IP WG and include it in the charter.

For More Information
- draft-ernst-mobileip-v6-network-01.txt
- Thierry Ernst, thierry.ernst@inrialpes.fr
- http://www.inrialpes.fr/planete
This is a joint work between and